Hi Stephen,
Thanks for the reply.
Can you please let me know how to delete all local customizations (via semanage or manually) and revert
to a default policy? Otherwise, here is the output of semanage login -l and semanage user -l:
semanage user -l

                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range        SELinux Roles
admin_u         user       s0         s0-s0:c0.c1023   sysadm_r system_r
guest_u         user       s0         s0               guest_r
root            user       s0         s0-s0:c0.c1023   staff_r sysadm_r
specialuser_u   user       s0         s0               sysadm_r system_r
staff_u         user       s0         s0-s0:c0.c1023   staff_r sysadm_r system_r
sysadm_u        user       s0         s0-s0:c0.c1023   sysadm_r
system_u        user       s0         s0-s0:c0.c1023   system_r
unconfined_u    user       s0         s0-s0:c0.c1023   system_r unconfined_r
user_u          user       s0         s0               user_r
xguest_u        user       s0         s0               xguest_r

semanage login -l

Login Name      SELinux User    MLS/MCS Range    Service
__default__     sysadm_u        s0-s0:c0.c1023   *
ccmservice      specialuser_u   s0               *
cucm            admin_u         s0-s0:c0.c1023   *
drfkeys         specialuser_u   s0               *
drfuser         specialuser_u   s0               *
informix        specialuser_u   s0               *
pwrecovery      specialuser_u   s0               *
root            sysadm_u        s0-s0:c0.c1023   *
sftpuser        specialuser_u   s0               *
system_u        sysadm_u        s0-s0:c0.c1023   *
Please let me know if you have any comments.
Thanks
Aman
On Wed, Nov 29, 2017 at 7:21 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Wed, 2017-11-29 at 09:33 +0530, Aman Sharma wrote:
> Hi Stephen,
>
> Below is the output of command :
>
> sestatus -v output
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             targeted
> Current mode:                   enforcing
> Mode from config file:          permissive
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      28
>
> Process contexts:
> Current context:                system_u:system_r:unconfined_t:s0-s0:c0.c1023
> Init context:                   system_u:system_r:init_t:s0
> /usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023
>
> File contexts:
> Controlling terminal:           system_u:object_r:sshd_devpts_t:s0
> /etc/passwd                     system_u:object_r:passwd_file_t:s0
> /etc/shadow                     system_u:object_r:shadow_t:s0
> /bin/bash                       system_u:object_r:shell_exec_t:s0
> /bin/login                      system_u:object_r:login_exec_t:s0
> /bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
> /sbin/agetty                    system_u:object_r:getty_exec_t:s0
> /sbin/init                      system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
> /usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
> /lib/libc.so.6                  system_u:object_r:lib_t:s0 -> system_u:object_r:lib_t:s0
> /lib/ld-linux.so.2              system_u:object_r:lib_t:s0 -> system_u:object_r:ld_so_t:s0
>
> Also I am using ssh session for login.
>
> Please let me know how to change id command context to unconfined_u
> or Sysadm_u.

So from your earlier message, it is clear that you (or someone else)
has heavily customized your semanage login and user mappings from the
stock targeted policy. The question is why, and whether you want/need
to retain any of those customizations. If not, then you could just
delete all local customizations (via semanage or manually) and revert
to a stock policy.
If you do need to retain some of those customizations, then please show
your current semanage login -l and semanage user -l output since you
said you ran some further semanage commands after the last output you
showed.
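
Before deleting local customizations as discussed in this thread, it helps to see exactly which login mappings differ from stock. The following is an added example, not code from either poster or from the SELinux project: it parses the `semanage login -l` listing posted above, compares it with a stock targeted-policy login map, and builds per-login `semanage` commands for review. The `STOCK` baseline is an assumption (RHEL/CentOS 7-era defaults) and the function names are hypothetical; it covers only the login map, not the `semanage user -l` side.

```python
# Stock targeted-policy login map. ASSUMPTION: RHEL/CentOS 7-era defaults;
# confirm against a clean install of your own distribution.
STOCK = {
    "__default__": ("unconfined_u", "s0-s0:c0.c1023"),
    "root": ("unconfined_u", "s0-s0:c0.c1023"),
    "system_u": ("system_u", "s0-s0:c0.c1023"),
}

# `semanage login -l` listing as posted in the message above.
SAMPLE = """\
Login Name SELinux User MLS/MCS Range Service
__default__ sysadm_u s0-s0:c0.c1023 *
ccmservice specialuser_u s0 *
cucm admin_u s0-s0:c0.c1023 *
drfkeys specialuser_u s0 *
drfuser specialuser_u s0 *
informix specialuser_u s0 *
pwrecovery specialuser_u s0 *
root sysadm_u s0-s0:c0.c1023 *
sftpuser specialuser_u s0 *
system_u sysadm_u s0-s0:c0.c1023 *
"""

def parse_login_map(text):
    """Return {login: (seuser, mls_range)} from `semanage login -l` output."""
    rows = (line.split() for line in text.splitlines())
    # Data rows have exactly four columns; header and blank lines do not.
    return {r[0]: (r[1], r[2]) for r in rows if len(r) == 4}

def audit(mappings, stock=STOCK):
    """List (login, kind, current, expected) for every non-stock mapping."""
    findings = []
    for login, current in sorted(mappings.items()):
        if login not in stock:
            findings.append((login, "added", current, None))
        elif current != stock[login]:
            findings.append((login, "changed", current, stock[login]))
    return findings

def revert_commands(findings):
    """Build semanage commands for review; nothing is executed here."""
    cmds = []
    for login, kind, _current, expected in findings:
        if kind == "added":
            cmds.append(f"semanage login -d {login}")
        else:
            cmds.append(f"semanage login -m -s {expected[0]} -r {expected[1]} {login}")
    return cmds

if __name__ == "__main__":
    for cmd in revert_commands(audit(parse_login_map(SAMPLE))):
        print(cmd)
```

To drop every local record in one step instead, `semanage login -D` and `semanage user -D` remove all local customizations; running `semanage export` first keeps a copy that can be restored.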